package com.wugui.datax.admin.filter;

import static com.wugui.datatx.core.util.Constants.SPLIT_COMMA;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.alibaba.fastjson.JSON;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.wugui.datatx.core.biz.model.ReturnT;
import com.wugui.datax.admin.core.util.I18nUtil;
import com.wugui.datax.admin.entity.JwtUser;
import com.wugui.datax.admin.entity.LoginUser;
import com.wugui.datax.admin.util.JwtTokenUtils;

import lombok.extern.slf4j.Slf4j;

/**
 * Created by jingwk on 2019/11/17
 */
@Slf4j
public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

	private ThreadLocal<Integer> rememberMe = new ThreadLocal<>();
	private AuthenticationManager authenticationManager;

	public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
		this.authenticationManager = authenticationManager;
		super.setFilterProcessesUrl("/api/auth/login");
	}

	@Override
	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
			throws AuthenticationException {

		// 从输入流中获取到登录的信息
		try {
			LoginUser loginUser = new ObjectMapper().readValue(request.getInputStream(), LoginUser.class);
			rememberMe.set(loginUser.getRememberMe());
			return authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(loginUser.getUsername(),
					loginUser.getPassword(), new ArrayList<>()));
		} catch (IOException e) {
			logger.error("attemptAuthentication error :{}", e);
			return null;
		}
	}

	// 成功验证后调用的方法
	// 如果验证成功，就生成token并返回
	@Override
	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
			Authentication authResult) throws IOException {

		JwtUser jwtUser = (JwtUser) authResult.getPrincipal();
		boolean isRemember = rememberMe.get() == 1;

		String role = "";
		Collection<? extends GrantedAuthority> authorities = jwtUser.getAuthorities();
		for (GrantedAuthority authority : authorities) {
			role = authority.getAuthority();
		}

		String token = JwtTokenUtils.createToken(jwtUser.getId(), jwtUser.getUsername(), role, isRemember);
		response.setHeader("token", JwtTokenUtils.TOKEN_PREFIX + token);
		response.setCharacterEncoding("UTF-8");
		Map<String, Object> maps = new HashMap<>();
		maps.put("data", JwtTokenUtils.TOKEN_PREFIX + token);
		maps.put("roles", role.split(SPLIT_COMMA));
		response.getWriter().write(JSON.toJSONString(new ReturnT<>(maps)));
	}

	@Override
	protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
			AuthenticationException failed) throws IOException, ServletException {
		response.setCharacterEncoding("UTF-8");
		response.getWriter().write(
				JSON.toJSON(new ReturnT<>(ReturnT.FAIL_CODE, I18nUtil.getString("login_param_invalid"))).toString());
	}
}